WP125 - Version 1.5.5


Release Info

Developer redwallhp
Version 1.5.5

Code changes from version 1.5.4 to 1.5.5

Files changed (5)
  1. adminmenus.php +78 -62
  2. calendar.php +26 -20
  3. readme.txt +4 -3
  4. widget_class.php +3 -3
  5. wp125.php +20 -17
adminmenus.php CHANGED
@@ -23,35 +23,41 @@ function wp125_write_managemenu() {
23
  //Handle deactivations
24
  if ($_GET['wp125action'] == "deactivate") {
25
  $theid = intval($_GET['theid']);
26
- echo '<div id="message" class="updated fade"><p>'.__('Are you sure you want to deactivate the ad?', 'wp125').' <a href="admin.php?page=wp125/wp125.php&wp125action=deactivateconf&theid='.$theid.'">'.__('Yes', 'wp125').'</a> &nbsp; <a href="admin.php?page=wp125/wp125.php">'.__('No!', 'wp125').'</a></p></div>';
 
27
  }
28
  if ($_GET['wp125action'] == "deactivateconf") {
29
  $theid = intval($_GET['theid']);
30
  global $wpdb, $table_prefix;
31
  $adtable_name = $wpdb->prefix . "wp125_ads";
32
- $wpdb->update(
33
- $adtable_name,
34
- array('status' => '0'),
35
- array('id' => $theid)
36
- );
37
- echo '<div id="message" class="updated fade"><p>'.__('Ad deactivated.', 'wp125').'</p></div>';
 
 
38
  }
39
 
40
  //Handle REactivations
41
  if ($_GET['wp125action'] == "activate") {
42
  $theid = intval($_GET['theid']);
43
- echo '<div id="message" class="updated fade"><p>'.__('Are you sure you want to reactivate the ad?', 'wp125').' <a href="admin.php?page=wp125/wp125.php&showmanage=inactive&wp125action=activateconf&theid='.$theid.'">'.__('Yes', 'wp125').'</a> &nbsp; <a href="admin.php?page=wp125/wp125.php&showmanage=inactive">'.__('No!', 'wp125').'</a></p></div>';
 
44
  }
45
  if ($_GET['wp125action'] == "activateconf") {
46
  $theid = intval($_GET['theid']);
47
  global $wpdb, $table_prefix;
48
  $adtable_name = $wpdb->prefix . "wp125_ads";
49
- $wpdb->update(
50
- $adtable_name,
51
- array('status' => '1', 'pre_exp_email' => '0'),
52
- array('id' => $theid)
53
- );
54
- echo '<div id="message" class="updated fade"><p>'.__('Ad activated.', 'wp125').'</p></div>';
 
 
55
  }
56
 
57
  echo '<ul class="subsubsub">'; ?>
@@ -80,16 +86,16 @@ function wp125_write_managemenu() {
80
  foreach ($wp125db as $wp125db){
81
 
82
  echo '<tr>';
83
- echo '<td>'.$wp125db->slot.'</td>';
84
- echo '<td><strong>'.$wp125db->name.'</strong></td>';
85
- if ($wp125db->clicks!='-1') { echo '<td class="num">'.$wp125db->clicks.'</td>'; } else { echo '<td class="num">'.__('N/A', 'wp125').'</td>'; }
86
- echo '<td>'.$wp125db->start_date.'</td>';
87
- echo '<td>'.$wp125db->end_date.'</td>';
88
- echo '<td><a href="admin.php?page=wp125_addedit&editad='.$wp125db->id.'">'.__('Edit', 'wp125').'</a></td>';
89
  if ( isset($_GET['showmanage']) && ($_GET['showmanage'] == "inactive")) {
90
- echo '<td><a href="admin.php?page=wp125/wp125.php&showmanage=inactive&wp125action=activate&theid='.$wp125db->id.'">'.__('Activate', 'wp125').'</a></td>';
91
  } else {
92
- echo '<td><a href="admin.php?page=wp125/wp125.php&wp125action=deactivate&theid='.$wp125db->id.'">'.__('Deactivate', 'wp125').'</a></td>';
93
  }
94
  echo '</tr>';
95
 
@@ -98,7 +104,7 @@ function wp125_write_managemenu() {
98
 
99
  echo '</tbody>
100
  </table>';
101
- echo '<br /><a href="'.wp125_get_plugin_dir('url').'/calendar.php" title="Subscribe with your calendaring software..."><img src="'.wp125_get_plugin_dir('url').'/ical.gif" alt="iCalendar" /></a>';
102
  wp125_admin_page_footer();
103
  echo '</div>';
104
  }
@@ -127,16 +133,16 @@ function wp125_write_addeditmenu() {
127
 
128
  <?php
129
  if ( $_POST['Submit'] && wp_verify_nonce($_POST['nonce_wp125_addedit'],'wp125_addedit') ) {
130
- $post_editedad = $wpdb->escape($_POST['editedad']);
131
- $post_adname = $wpdb->escape($_POST['adname']);
132
- $post_adslot = $wpdb->escape($_POST['adslot']);
133
- $post_adtarget = $wpdb->escape($_POST['adtarget']);
134
- $post_adexp = $wpdb->escape($_POST['adexp']);
135
- $post_adexpmo = $wpdb->escape($_POST['adexp-mo']);
136
- $post_adexpday = $wpdb->escape($_POST['adexp-day']);
137
- $post_adexpyr = $wpdb->escape($_POST['adexp-yr']);
138
- $post_countclicks = $wpdb->escape($_POST['countclicks']);
139
- $post_adimage = $wpdb->escape($_POST['adimage']);
140
  if ($post_countclicks=='on') { $post_countclicks = '0'; } else { $post_countclicks = '-1'; }
141
  $today = date('m').'/'.date('d').'/'.date('Y');
142
  if ($post_adexp=='manual') { $theenddate = '00/00/0000'; }
@@ -147,24 +153,33 @@ function wp125_write_addeditmenu() {
147
  if ($post_adexp=='120') { $expiry = time() + 120 * 24 * 60 * 60; $expiry = strftime('%m/%d/%Y', $expiry); $theenddate = $expiry; }
148
  if ($post_editedad!='') { $theenddate = $post_adexpmo.'/'.$post_adexpday.'/'.$post_adexpyr; }
149
  if ($post_editedad=='') {
150
- $updatedb = "INSERT INTO $adtable_name (slot, name, start_date, end_date, clicks, status, target, image_url, pre_exp_email) VALUES ('$post_adslot', '$post_adname', '$today','$theenddate','$post_countclicks', '1', '$post_adtarget','$post_adimage', '0')";
 
 
 
151
  $results = $wpdb->query($updatedb);
152
  echo '<div id="message" class="updated fade"><p>Ad &quot;'.$post_adname.'&quot; created.</p></div>';
153
  } else {
154
- $updatedb = "UPDATE $adtable_name SET slot = '$post_adslot', name = '$post_adname', end_date = '$theenddate', target = '$post_adtarget', image_url = '$post_adimage', pre_exp_email = '0' WHERE id='$post_editedad'";
 
 
 
155
  $results = $wpdb->query($updatedb);
156
  echo '<div id="message" class="updated fade"><p>'.__('Ad', 'wp125').' &quot;'.$post_adname.'&quot; '.__('updated.', 'wp125').'</p></div>';
157
  }
158
  }
159
  if ($_POST['deletead']) {
160
- $post_editedad = $wpdb->escape($_POST['editedad']);
161
- echo '<div id="message" class="updated fade"><p>'.__('Do you really want to delete this ad record? This action cannot be undone.', 'wp125').' <a href="admin.php?page=wp125_addedit&deletead='.$post_editedad.'">'.__('Yes', 'wp125').'</a> &nbsp; <a href="admin.php?page=wp125_addedit&editad='.$post_editedad.'">'.__('No!', 'wp125').'</a></p></div>';
 
162
  }
163
  if ($_GET['deletead']!='') {
164
  $thead = intval($_GET['deletead']);
165
- $updatedb = "DELETE FROM $adtable_name WHERE id='$thead'";
166
- $results = $wpdb->query($updatedb);
167
- echo '<div id="message" class="updated fade"><p>'.__('Ad deleted.', 'wp125').'</p></div>';
 
 
168
  }
169
  ?>
170
 
@@ -174,11 +189,11 @@ function wp125_write_addeditmenu() {
174
  <?php wp_nonce_field('wp125_addedit', 'nonce_wp125_addedit'); ?>
175
  <table class="form-table">
176
 
177
- <?php if (isset($_GET['editad']) && $_GET['editad']!='') { echo '<input name="editedad" type="hidden" value="'.intval($_GET['editad']).'" />'; } ?>
178
 
179
  <tr valign="top">
180
  <th scope="row"><?php _e('Name', 'wp125'); ?></th>
181
- <td><input name="adname" type="text" id="adname" value="<?php echo $editingad->name; ?>" size="40" /><br/><?php _e('Whose ad is this?', 'wp125'); ?></td>
182
  </tr>
183
 
184
  <tr valign="top">
@@ -193,7 +208,7 @@ function wp125_write_addeditmenu() {
193
 
194
  <tr valign="top">
195
  <th scope="row"><?php _e('Target URL', 'wp125'); ?></th>
196
- <td><input name="adtarget" type="text" id="adtarget" value="<?php if (isset($editingad->target) && $editingad->target!='') { echo $editingad->target; } else { echo 'http://'; } ?>" size="40" /><br/><?php _e('Where should the ad link to?', 'wp125'); ?></td>
197
  </tr>
198
 
199
  <?php if (isset($_GET['editad']) && $_GET['editad']!='') {
@@ -216,7 +231,7 @@ function wp125_write_addeditmenu() {
216
  <option value="120">120 <?php _e('Days', 'wp125'); ?></option>
217
  <option value="other"><?php _e('Other', 'wp125'); ?></option>
218
  </select><?php } ?></label>
219
- <span id="adexp-date">&nbsp;&nbsp; <?php _e('Month:', 'wp125'); ?> <input type="text" name="adexp-mo" id="adexp-mo" size="2" value="<?php if ($endmonth!='') { echo $endmonth; } else { echo date('m'); } ?>" /> <?php _e('Day:', 'wp125'); ?> <input type="text" name="adexp-day" id="adexp-day" size="2" value="<?php if ($endday!='') { echo $endday; } else { echo date('d'); } ?>" /> <?php _e('Year:', 'wp125'); ?> <input type="text" name="adexp-yr" id="adexp-yr" size="4" value="<?php if ($endyear!='') { echo $endyear; } else { echo date('Y'); } ?>" /> <?php if ($_GET['editad']!='') { ?><br /> &nbsp;&nbsp; <?php _e('Use 00/00/0000 for manual removal.', 'wp125'); ?><?php } ?></span>
220
  </td></tr>
221
 
222
  <?php if ($_GET['editad']=='') { ?><script type="text/javascript">
@@ -239,7 +254,7 @@ function wp125_write_addeditmenu() {
239
 
240
  <tr valign="top">
241
  <th scope="row"><?php _e('Ad Image', 'wp125'); ?></th>
242
- <td><input name="adimage" type="text" id="adimage" value="<?php if ($editingad->image_url!='') { echo $editingad->image_url; } else { echo 'http://'; } ?>" size="40" /> <input id="upload_image_button" type="button" class="button" value="Upload Image" /></td>
243
  </tr>
244
 
245
  <script type="text/javascript">
@@ -269,16 +284,16 @@ function wp125_write_settingsmenu() {
269
  //DB Data
270
  global $wpdb;
271
  //Add settings, if submitted
272
- if ($_POST['issubmitted']=='yes') {
273
- $post_adorient = $wpdb->escape($_POST['adorient']);
274
- $post_numslots = $wpdb->escape($_POST['numads']);
275
- $post_adorder = $wpdb->escape($_POST['adorder']);
276
- $post_salespage = $wpdb->escape($_POST['salespage']);
277
- $post_widgettitle = $wpdb->escape($_POST['widgettitle']);
278
- $post_defaultstyle = $wpdb->escape($_POST['defaultstyle']);
279
- $post_emailonexp = $wpdb->escape($_POST['emailonexp']);
280
- $post_daysbeforeexp = $wpdb->escape($_POST['daysbeforeexp']);
281
- $post_defaultad = $wpdb->escape($_POST['defaultad']);
282
  if ($post_defaultstyle!='on') { $post_defaultstyle = 'yes'; } else { $post_defaultstyle = ''; }
283
  update_option("wp125_ad_orientation", $post_adorient);
284
  update_option("wp125_num_slots", $post_numslots);
@@ -303,6 +318,7 @@ function wp125_write_settingsmenu() {
303
  <div class="wrap">
304
  <h2><?php _e('Settings', 'wp125'); ?></h2>
305
  <form method="post" action="admin.php?page=wp125_settings">
 
306
  <table class="form-table">
307
 
308
  <tr valign="top">
@@ -317,7 +333,7 @@ function wp125_write_settingsmenu() {
317
 
318
  <tr valign="top">
319
  <th scope="row"><?php _e('Number of Ad Slots', 'wp125'); ?></th>
320
- <td><input name="numads" type="text" id="numads" value="<?php echo $setting_num_slots; ?>" size="2" /><br/><?php _e('How many ads should be shown?', 'wp125'); ?></td>
321
  </tr>
322
 
323
  <tr valign="top">
@@ -332,12 +348,12 @@ function wp125_write_settingsmenu() {
332
 
333
  <tr valign="top">
334
  <th scope="row"><?php _e('Widget Title', 'wp125'); ?></th>
335
- <td><input name="widgettitle" type="text" id="widgettitle" value="<?php echo $setting_widget_title; ?>" size="50" /><br/><?php _e('The title to be displayed in the widget.', 'wp125'); ?> <em><?php _e('(Leave blank to disable.)', 'wp125'); ?></em></td>
336
  </tr>
337
 
338
  <tr valign="top">
339
  <th scope="row"><?php _e('Ad Sales Page', 'wp125'); ?></th>
340
- <td><input name="salespage" type="text" id="salespage" value="<?php echo $setting_buyad_url; ?>" size="50" /><br/><?php _e('Do you have a page with statistics and prices?', 'wp125'); ?> <em><?php _e('(Default Ads will link here.)', 'wp125'); ?></em></td>
341
  </tr>
342
 
343
  <tr valign="top">
@@ -347,17 +363,17 @@ function wp125_write_settingsmenu() {
347
 
348
  <tr valign="top">
349
  <th scope="row"><?php _e('Expiration Email', 'wp125'); ?></th>
350
- <td><input name="emailonexp" type="text" id="emailonexp" value="<?php echo $setting_emailonexp; ?>" size="50" /><br/><?php _e('Enter your email address if you would like to be emailed when an ad expires.', 'wp125'); ?> <em><?php _e('(Leave blank to disable.)', 'wp125'); ?></em></td>
351
  </tr>
352
 
353
  <tr valign="top">
354
  <th scope="row"><?php _e('Pre-Expiration Email', 'wp125'); ?></th>
355
- <td><?php _e('Remind me', 'wp125'); ?> <input name="daysbeforeexp" type="text" id="daysbeforeexp" value="<?php echo $setting_daysbeforeexp; ?>" size="2" /> <?php _e('days before an ad expires.', 'wp125'); ?> <em><?php _e('(Emails will be sent to the address specified above.)', 'wp125'); ?></em></td>
356
  </tr>
357
 
358
  <tr valign="top">
359
  <th scope="row"><?php _e('Default Ad', 'wp125'); ?></th>
360
- <td><input name="defaultad" type="text" id="defaultad" value="<?php echo $setting_defaultad; ?>" size="50" /><br/><?php _e('Which image should be shown as a placeholder when an ad slot is empty?', 'wp125'); ?> (<a href="<?php echo wp125_get_plugin_dir('url').'/youradhere.jpg'; ?>"><?php _e('Default', 'wp125'); ?></a>)</td>
361
  </tr>
362
 
363
  </table>
@@ -389,7 +405,7 @@ function wp125_dashboard_widget() {
389
  if ($wp125db) {
390
  foreach ($wp125db as $wp125db){
391
  ?>
392
- <tr><td><?php echo $wp125db->slot; ?></td><td><strong><?php echo $wp125db->name; ?></strong></td><td class="num"><?php echo $wp125db->clicks; ?></td><td><?php echo $wp125db->start_date; ?></td><td><?php echo $wp125db->end_date; ?></td></tr>
393
  <?php
394
  }
395
  } else { echo '<tr> <td colspan="8">'.__('No ads found.', 'wp125').'</td> </tr>'; }
23
  //Handle deactivations
24
  if ($_GET['wp125action'] == "deactivate") {
25
  $theid = intval($_GET['theid']);
26
+ $nonce = wp_create_nonce('nonce_wp125_adstate'.$theid);
27
+ echo '<div id="message" class="updated fade"><p>'.__('Are you sure you want to deactivate the ad?', 'wp125').' <a href="'.esc_url('admin.php?page=wp125/wp125.php&wp125action=deactivateconf&theid='.$theid.'&wp125_nonce_adstate='.$nonce).'">'.__('Yes', 'wp125').'</a> &nbsp; <a href="admin.php?page=wp125/wp125.php">'.__('No!', 'wp125').'</a></p></div>';
28
  }
29
  if ($_GET['wp125action'] == "deactivateconf") {
30
  $theid = intval($_GET['theid']);
31
  global $wpdb, $table_prefix;
32
  $adtable_name = $wpdb->prefix . "wp125_ads";
33
+ if (wp_verify_nonce($_GET['wp125_nonce_adstate'], 'nonce_wp125_adstate'.$theid)) {
34
+ $wpdb->update(
35
+ $adtable_name,
36
+ array('status' => '0'),
37
+ array('id' => $theid)
38
+ );
39
+ echo '<div id="message" class="updated fade"><p>'.__('Ad deactivated.', 'wp125').'</p></div>';
40
+ }
41
  }
42
 
43
  //Handle REactivations
44
  if ($_GET['wp125action'] == "activate") {
45
  $theid = intval($_GET['theid']);
46
+ $nonce = wp_create_nonce('nonce_wp125_adstate'.$theid);
47
+ echo '<div id="message" class="updated fade"><p>'.__('Are you sure you want to reactivate the ad?', 'wp125').' <a href="'.esc_url('admin.php?page=wp125/wp125.php&showmanage=inactive&wp125action=activateconf&theid='.$theid.'&wp125_nonce_adstate='.$nonce).'">'.__('Yes', 'wp125').'</a> &nbsp; <a href="admin.php?page=wp125/wp125.php&showmanage=inactive">'.__('No!', 'wp125').'</a></p></div>';
48
  }
49
  if ($_GET['wp125action'] == "activateconf") {
50
  $theid = intval($_GET['theid']);
51
  global $wpdb, $table_prefix;
52
  $adtable_name = $wpdb->prefix . "wp125_ads";
53
+ if (wp_verify_nonce($_GET['wp125_nonce_adstate'], 'nonce_wp125_adstate'.$theid)) {
54
+ $wpdb->update(
55
+ $adtable_name,
56
+ array('status' => '1', 'pre_exp_email' => '0'),
57
+ array('id' => $theid)
58
+ );
59
+ echo '<div id="message" class="updated fade"><p>'.__('Ad activated.', 'wp125').'</p></div>';
60
+ }
61
  }
62
 
63
  echo '<ul class="subsubsub">'; ?>
86
  foreach ($wp125db as $wp125db){
87
 
88
  echo '<tr>';
89
+ echo '<td>'.esc_html($wp125db->slot).'</td>';
90
+ echo '<td><strong>'.esc_html($wp125db->name).'</strong></td>';
91
+ if ($wp125db->clicks!='-1') { echo '<td class="num">'.esc_html($wp125db->clicks).'</td>'; } else { echo '<td class="num">'.__('N/A', 'wp125').'</td>'; }
92
+ echo '<td>'.esc_html($wp125db->start_date).'</td>';
93
+ echo '<td>'.esc_html($wp125db->end_date).'</td>';
94
+ echo '<td><a href="'.esc_url('admin.php?page=wp125_addedit&editad='.$wp125db->id).'">'.__('Edit', 'wp125').'</a></td>';
95
  if ( isset($_GET['showmanage']) && ($_GET['showmanage'] == "inactive")) {
96
+ echo '<td><a href="'.esc_url('admin.php?page=wp125/wp125.php&showmanage=inactive&wp125action=activate&theid='.$wp125db->id).'">'.__('Activate', 'wp125').'</a></td>';
97
  } else {
98
+ echo '<td><a href="'.esc_url('admin.php?page=wp125/wp125.php&wp125action=deactivate&theid='.$wp125db->id).'">'.__('Deactivate', 'wp125').'</a></td>';
99
  }
100
  echo '</tr>';
101
 
104
 
105
  echo '</tbody>
106
  </table>';
107
+ echo '<br /><a href="'.esc_url(get_site_url().'?wp125_calendar').'" title="Subscribe with your calendaring software..."><img src="'.esc_url(wp125_get_plugin_dir('url').'/ical.gif').'" alt="iCalendar" /></a>';
108
  wp125_admin_page_footer();
109
  echo '</div>';
110
  }
133
 
134
  <?php
135
  if ( $_POST['Submit'] && wp_verify_nonce($_POST['nonce_wp125_addedit'],'wp125_addedit') ) {
136
+ $post_editedad = sanitize_text_field($_POST['editedad']);
137
+ $post_adname = sanitize_text_field($_POST['adname']);
138
+ $post_adslot = sanitize_text_field($_POST['adslot']);
139
+ $post_adtarget = sanitize_text_field($_POST['adtarget']);
140
+ $post_adexp = sanitize_text_field($_POST['adexp']);
141
+ $post_adexpmo = sanitize_text_field($_POST['adexp-mo']);
142
+ $post_adexpday = sanitize_text_field($_POST['adexp-day']);
143
+ $post_adexpyr = sanitize_text_field($_POST['adexp-yr']);
144
+ $post_countclicks = sanitize_text_field($_POST['countclicks']);
145
+ $post_adimage = sanitize_text_field($_POST['adimage']);
146
  if ($post_countclicks=='on') { $post_countclicks = '0'; } else { $post_countclicks = '-1'; }
147
  $today = date('m').'/'.date('d').'/'.date('Y');
148
  if ($post_adexp=='manual') { $theenddate = '00/00/0000'; }
153
  if ($post_adexp=='120') { $expiry = time() + 120 * 24 * 60 * 60; $expiry = strftime('%m/%d/%Y', $expiry); $theenddate = $expiry; }
154
  if ($post_editedad!='') { $theenddate = $post_adexpmo.'/'.$post_adexpday.'/'.$post_adexpyr; }
155
  if ($post_editedad=='') {
156
+ $updatedb = $wpdb->prepare(
157
+ "INSERT INTO $adtable_name (slot, name, start_date, end_date, clicks, status, target, image_url, pre_exp_email) VALUES (%d, %s, %s, %s, %d, %d, %s, %s, %d)",
158
+ $post_adslot, $post_adname, $today, $theenddate, $post_countclicks, 1, $post_adtarget, $post_adimage, 0
159
+ );
160
  $results = $wpdb->query($updatedb);
161
  echo '<div id="message" class="updated fade"><p>Ad &quot;'.$post_adname.'&quot; created.</p></div>';
162
  } else {
163
+ $updatedb = $wpdb->prepare(
164
+ "UPDATE $adtable_name SET slot = %d, name = %s, end_date = %s, target = %s, image_url = %s, pre_exp_email = '0' WHERE id=%d",
165
+ $post_adslot, $post_adname, $theenddate, $post_adtarget, $post_adimage, $post_editedad
166
+ );
167
  $results = $wpdb->query($updatedb);
168
  echo '<div id="message" class="updated fade"><p>'.__('Ad', 'wp125').' &quot;'.$post_adname.'&quot; '.__('updated.', 'wp125').'</p></div>';
169
  }
170
  }
171
  if ($_POST['deletead']) {
172
+ $post_editedad = sanitize_text_field($_POST['editedad']);
173
+ $nonce = wp_create_nonce('nonce_wp125_deletead'.$post_editedad);
174
+ echo '<div id="message" class="updated fade"><p>'.__('Do you really want to delete this ad record? This action cannot be undone.', 'wp125').' <a href="'.esc_url('admin.php?page=wp125_addedit&deletead='.$post_editedad.'&nonce_wp125_deletead='.$nonce).'">'.__('Yes', 'wp125').'</a> &nbsp; <a href="'.esc_url('admin.php?page=wp125_addedit&editad='.$post_editedad).'">'.__('No!', 'wp125').'</a></p></div>';
175
  }
176
  if ($_GET['deletead']!='') {
177
  $thead = intval($_GET['deletead']);
178
+ if (wp_verify_nonce($_GET['nonce_wp125_deletead'], 'nonce_wp125_deletead'.$thead)) {
179
+ $updatedb = $wpdb->prepare("DELETE FROM $adtable_name WHERE id=%d", $thead);
180
+ $results = $wpdb->query($updatedb);
181
+ echo '<div id="message" class="updated fade"><p>'.__('Ad deleted.', 'wp125').'</p></div>';
182
+ }
183
  }
184
  ?>
185
 
189
  <?php wp_nonce_field('wp125_addedit', 'nonce_wp125_addedit'); ?>
190
  <table class="form-table">
191
 
192
+ <?php if (isset($_GET['editad']) && $_GET['editad']!='') { echo '<input name="editedad" type="hidden" value="'.esc_attr(intval($_GET['editad'])).'" />'; } ?>
193
 
194
  <tr valign="top">
195
  <th scope="row"><?php _e('Name', 'wp125'); ?></th>
196
+ <td><input name="adname" type="text" id="adname" value="<?php echo esc_attr($editingad->name); ?>" size="40" /><br/><?php _e('Whose ad is this?', 'wp125'); ?></td>
197
  </tr>
198
 
199
  <tr valign="top">
208
 
209
  <tr valign="top">
210
  <th scope="row"><?php _e('Target URL', 'wp125'); ?></th>
211
+ <td><input name="adtarget" type="text" id="adtarget" value="<?php if (isset($editingad->target) && $editingad->target!='') { echo esc_attr($editingad->target); } else { echo 'http://'; } ?>" size="40" /><br/><?php _e('Where should the ad link to?', 'wp125'); ?></td>
212
  </tr>
213
 
214
  <?php if (isset($_GET['editad']) && $_GET['editad']!='') {
231
  <option value="120">120 <?php _e('Days', 'wp125'); ?></option>
232
  <option value="other"><?php _e('Other', 'wp125'); ?></option>
233
  </select><?php } ?></label>
234
+ <span id="adexp-date">&nbsp;&nbsp; <?php _e('Month:', 'wp125'); ?> <input type="text" name="adexp-mo" id="adexp-mo" size="2" value="<?php if ($endmonth!='') { echo esc_attr($endmonth); } else { echo date('m'); } ?>" /> <?php _e('Day:', 'wp125'); ?> <input type="text" name="adexp-day" id="adexp-day" size="2" value="<?php if ($endday!='') { echo esc_attr($endday); } else { echo date('d'); } ?>" /> <?php _e('Year:', 'wp125'); ?> <input type="text" name="adexp-yr" id="adexp-yr" size="4" value="<?php if ($endyear!='') { echo esc_attr($endyear); } else { echo date('Y'); } ?>" /> <?php if ($_GET['editad']!='') { ?><br /> &nbsp;&nbsp; <?php _e('Use 00/00/0000 for manual removal.', 'wp125'); ?><?php } ?></span>
235
  </td></tr>
236
 
237
  <?php if ($_GET['editad']=='') { ?><script type="text/javascript">
254
 
255
  <tr valign="top">
256
  <th scope="row"><?php _e('Ad Image', 'wp125'); ?></th>
257
+ <td><input name="adimage" type="text" id="adimage" value="<?php if ($editingad->image_url!='') { echo esc_attr($editingad->image_url); } else { echo 'http://'; } ?>" size="40" /> <input id="upload_image_button" type="button" class="button" value="Upload Image" /></td>
258
  </tr>
259
 
260
  <script type="text/javascript">
284
  //DB Data
285
  global $wpdb;
286
  //Add settings, if submitted
287
+ if ($_POST['issubmitted']=='yes' && wp_verify_nonce($_POST['nonce_wp125_settings'],'wp125_settings')) {
288
+ $post_adorient = sanitize_text_field($_POST['adorient']);
289
+ $post_numslots = sanitize_text_field($_POST['numads']);
290
+ $post_adorder = sanitize_text_field($_POST['adorder']);
291
+ $post_salespage = sanitize_text_field($_POST['salespage']);
292
+ $post_widgettitle = sanitize_text_field($_POST['widgettitle']);
293
+ $post_defaultstyle = sanitize_text_field($_POST['defaultstyle']);
294
+ $post_emailonexp = sanitize_text_field($_POST['emailonexp']);
295
+ $post_daysbeforeexp = sanitize_text_field($_POST['daysbeforeexp']);
296
+ $post_defaultad = sanitize_text_field($_POST['defaultad']);
297
  if ($post_defaultstyle!='on') { $post_defaultstyle = 'yes'; } else { $post_defaultstyle = ''; }
298
  update_option("wp125_ad_orientation", $post_adorient);
299
  update_option("wp125_num_slots", $post_numslots);
318
  <div class="wrap">
319
  <h2><?php _e('Settings', 'wp125'); ?></h2>
320
  <form method="post" action="admin.php?page=wp125_settings">
321
+ <?php wp_nonce_field('wp125_settings', 'nonce_wp125_settings'); ?>
322
  <table class="form-table">
323
 
324
  <tr valign="top">
333
 
334
  <tr valign="top">
335
  <th scope="row"><?php _e('Number of Ad Slots', 'wp125'); ?></th>
336
+ <td><input name="numads" type="text" id="numads" value="<?php echo esc_attr($setting_num_slots); ?>" size="2" /><br/><?php _e('How many ads should be shown?', 'wp125'); ?></td>
337
  </tr>
338
 
339
  <tr valign="top">
348
 
349
  <tr valign="top">
350
  <th scope="row"><?php _e('Widget Title', 'wp125'); ?></th>
351
+ <td><input name="widgettitle" type="text" id="widgettitle" value="<?php echo esc_attr($setting_widget_title); ?>" size="50" /><br/><?php _e('The title to be displayed in the widget.', 'wp125'); ?> <em><?php _e('(Leave blank to disable.)', 'wp125'); ?></em></td>
352
  </tr>
353
 
354
  <tr valign="top">
355
  <th scope="row"><?php _e('Ad Sales Page', 'wp125'); ?></th>
356
+ <td><input name="salespage" type="text" id="salespage" value="<?php echo esc_attr($setting_buyad_url); ?>" size="50" /><br/><?php _e('Do you have a page with statistics and prices?', 'wp125'); ?> <em><?php _e('(Default Ads will link here.)', 'wp125'); ?></em></td>
357
  </tr>
358
 
359
  <tr valign="top">
363
 
364
  <tr valign="top">
365
  <th scope="row"><?php _e('Expiration Email', 'wp125'); ?></th>
366
+ <td><input name="emailonexp" type="text" id="emailonexp" value="<?php echo esc_attr($setting_emailonexp); ?>" size="50" /><br/><?php _e('Enter your email address if you would like to be emailed when an ad expires.', 'wp125'); ?> <em><?php _e('(Leave blank to disable.)', 'wp125'); ?></em></td>
367
  </tr>
368
 
369
  <tr valign="top">
370
  <th scope="row"><?php _e('Pre-Expiration Email', 'wp125'); ?></th>
371
+ <td><?php _e('Remind me', 'wp125'); ?> <input name="daysbeforeexp" type="text" id="daysbeforeexp" value="<?php echo esc_attr($setting_daysbeforeexp); ?>" size="2" /> <?php _e('days before an ad expires.', 'wp125'); ?> <em><?php _e('(Emails will be sent to the address specified above.)', 'wp125'); ?></em></td>
372
  </tr>
373
 
374
  <tr valign="top">
375
  <th scope="row"><?php _e('Default Ad', 'wp125'); ?></th>
376
+ <td><input name="defaultad" type="text" id="defaultad" value="<?php echo esc_attr($setting_defaultad); ?>" size="50" /><br/><?php _e('Which image should be shown as a placeholder when an ad slot is empty?', 'wp125'); ?> (<a href="<?php echo wp125_get_plugin_dir('url').'/youradhere.jpg'; ?>"><?php _e('Default', 'wp125'); ?></a>)</td>
377
  </tr>
378
 
379
  </table>
405
  if ($wp125db) {
406
  foreach ($wp125db as $wp125db){
407
  ?>
408
+ <tr><td><?php echo esc_html($wp125db->slot); ?></td><td><strong><?php echo esc_html($wp125db->name); ?></strong></td><td class="num"><?php echo esc_html($wp125db->clicks); ?></td><td><?php echo esc_html($wp125db->start_date); ?></td><td><?php echo esc_html($wp125db->end_date); ?></td></tr>
409
  <?php
410
  }
411
  } else { echo '<tr> <td colspan="8">'.__('No ads found.', 'wp125').'</td> </tr>'; }
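Review bot: The two success notices `echo '<div id="message" class="updated fade"><p>Ad &quot;'.$post_adname.'&quot; created.</p></div>';` and the matching `'.__('Ad', 'wp125').' &quot;'.$post_adname.'&quot; '.__('updated.', 'wp125')` line still print `$post_adname` raw, although every other value this hunk echoes is now wrapped in `esc_html()`/`esc_attr()`; `sanitize_text_field()` strips tags on input but does not encode `&` or quotes for HTML output, so both should read `esc_html($post_adname)`. The new guards `wp_verify_nonce($_GET['wp125_nonce_adstate'], 'nonce_wp125_adstate'.$theid)` and `wp_verify_nonce($_GET['nonce_wp125_deletead'], 'nonce_wp125_deletead'.$thead)` index `$_GET` unconditionally, so a confirm URL reached without the parameter (a stale bookmark, or a link the nonce correctly rejects) emits an undefined-index notice before the check fails; `isset($_GET['wp125_nonce_adstate']) && wp_verify_nonce(...)` keeps the same outcome without the notice. In the delete flow the nonce is created from the string `$post_editedad = sanitize_text_field($_POST['editedad'])` but verified against `intval($_GET['deletead'])`, so the two only agree when the posted id is already a bare integer; `$post_editedad = intval($_POST['editedad']);` at that point matches the verify side and keeps free-form text out of the generated URL. Each of these functions begins and ends outside the displayed hunks, and no capability check is visible around the action handlers — presumably the page is gated by the `MANAGEMENT_PERMISSION` capability defined in wp125.php, but the nonce alone does not establish authorization, so that is worth confirming.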
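--- a/calendar.php
+++ b/calendar.php
@@ -1,30 +1,36 @@
  <?php
  
- include '../../../wp-blog-header.php';
- header("Content-type: text/plain");
+ function wp125_calendar_endpoint() {
+ if (!isset($_GET['wp125_calendar'])) return;
+ header("Content-type: text/plain");
  
- echo "BEGIN:VCALENDAR
- VERSION:2.0
- PRODID:-//Matt Harzewski/WP125//NONSGML v1.0//EN\n\n";
+ echo "BEGIN:VCALENDAR
+ VERSION:2.0
+ PRODID:-//Matt Harzewski/WP125//NONSGML v1.0//EN\n\n";
  
- $adtable_name = $wpdb->prefix . "wp125_ads";
- $ads = $wpdb->get_results("SELECT * FROM $adtable_name WHERE status != '0' AND end_date != '00/00/0000' ORDER BY id DESC", OBJECT);
+ global $wpdb;
+ $adtable_name = $wpdb->prefix . "wp125_ads";
+ $ads = $wpdb->get_results("SELECT * FROM $adtable_name WHERE status != '0' AND end_date != '00/00/0000' ORDER BY id DESC", OBJECT);
  
- if ($ads) {
- foreach ($ads as $ads) {
- echo "BEGIN:VEVENT\n";
- echo "DTSTART;TZOFFSETTO=".date("O", strtotime($ads->end_date)).":".date("Ymd\This", strtotime($ads->end_date))."\n";
- echo "DTEND;TZOFFSETTO=".date("O", strtotime($ads->end_date)).":".date("Ymd\This", strtotime($ads->end_date))."\n";
- echo "SUMMARY: Ad \"".$ads->name."\" ends.\n";
- echo "BEGIN:VALARM\n";
- echo "TRIGGER:-PT30M\n";
- echo "ACTION:DISPLAY\n";
- echo "DESCRIPTION: Ad \"".$ads->name."\" ends.\n";
- echo "END:VALARM\n";
- echo "END:VEVENT\n\n";
+ if ($ads) {
+ foreach ($ads as $ads) {
+ echo "BEGIN:VEVENT\n";
+ echo "DTSTART;TZOFFSETTO=".date("O", strtotime($ads->end_date)).":".date("Ymd\This", strtotime($ads->end_date))."\n";
+ echo "DTEND;TZOFFSETTO=".date("O", strtotime($ads->end_date)).":".date("Ymd\This", strtotime($ads->end_date))."\n";
+ echo "SUMMARY: Ad \"".esc_html($ads->name)."\" ends.\n";
+ echo "BEGIN:VALARM\n";
+ echo "TRIGGER:-PT30M\n";
+ echo "ACTION:DISPLAY\n";
+ echo "DESCRIPTION: Ad \"".esc_html($ads->name)."\" ends.\n";
+ echo "END:VALARM\n";
+ echo "END:VEVENT\n\n";
+ }
  }
+
+ echo "END:VCALENDAR";
+ exit;
  }
  
- echo "END:VCALENDAR";
+ add_action('init', 'wp125_calendar_endpoint');
  
  ?>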
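Review bot: `esc_html($ads->name)` in the SUMMARY and DESCRIPTION lines escapes for the wrong output context: the body is an iCalendar feed served as text/plain, so an ampersand or quote in an ad name now reaches subscribers' calendars as `&amp;` or `&quot;`, while the characters iCalendar itself reserves in TEXT values (`\`, `;`, `,` and line breaks) still pass through unescaped and can break or terminate the property. An RFC 5545 TEXT escaper is the right replacement; a small helper is sketched below and used in place of `esc_html()` on both lines. The feed is also reachable by anyone who appends `?wp125_calendar` to the site URL, since the `init` hook fires for every request; that matches the old standalone calendar.php, but if ad names and end dates are not meant to be public a capability check or a per-site token in the URL is the place to gate it. The function itself lies fully inside the hunk.
```php
// Escape a value for an iCalendar TEXT property (RFC 5545 section 3.3.11):
// backslash, semicolon and comma are backslash-escaped, line breaks become "\n".
function wp125_ical_text($value) {
	$value = str_replace(array("\\", ";", ","), array("\\\\", "\\;", "\\,"), (string) $value);
	return str_replace(array("\r\n", "\r", "\n"), "\\n", $value);
}

function wp125_calendar_endpoint() {
// … unchanged: query-string check, header, VCALENDAR preamble, query, loop start …
echo "SUMMARY: Ad \"".wp125_ical_text($ads->name)."\" ends.\n";
// … unchanged: VALARM header, trigger, action …
echo "DESCRIPTION: Ad \"".wp125_ical_text($ads->name)."\" ends.\n";
// … unchanged: rest of the loop, END:VCALENDAR, exit, add_action …
```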
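--- a/readme.txt
+++ b/readme.txt
@@ -5,8 +5,8 @@ Author URI: http://www.webmaster-source.com
  Donate link: http://www.webmaster-source.com/donate/?plugin=wp125
  Tags: ads, 125x125, management, advertisement
  Requires at least: 2.8
- Tested up to: 4.3.1
- Stable tag: 1.5.4
+ Tested up to: 5.8.2
+ Stable tag: 1.5.5
  
  Easy management of 125x125 ads on your blog. Ads can be run for a specified number of days, and will automatically be taken down. Track clicks too.
  
@@ -107,7 +107,7 @@ If you're having a problem with the plugin, try posting on the official WordPres
  * Russian Translation: [M. Comfi](http://www.comfi.com)
  * Simplified Chinese Translation: [Sam Zuo](http://bwskyer.com/)
  * Dutch Translation: Jackey van Melis
- * Brasilian Portuguese Translation: Jos� de Menezes Filho
+ * Brasilian Portuguese Translation: Jos� de Menezes Filho
  * German Translation: Simon Kraft
  * Romanian Translation: [Web Hosting Geeks](http://webhostinggeeks.com/)
  * Slovak Translation: Branco Radenovich, [Web Hosting Geeks](http://webhostinggeeks.com/)
@@ -137,3 +137,4 @@ If you're having a problem with the plugin, try posting on the official WordPres
  * 1.5.1 - Added Czech translation.
  * 1.5.3 - Added Ukrainian translation
  * 1.5.4 - Updated to support WordPress 4.3
+ * 1.5.5 - Fixed potential CSRF vulnerability, security hardening, minor bug fixes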
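--- a/widget_class.php
+++ b/widget_class.php
@@ -14,7 +14,7 @@ class WP125_Widget extends WP_Widget {
  extract($args);
  echo $before_widget;
  if (!empty($instance['title'])) {
- echo "\n".$before_title; echo $instance['title']; echo $after_title;
+ echo "\n".$before_title; echo esc_html($instance['title']); echo $after_title;
  }
  wp125_write_ads();
  echo $after_widget;
@@ -24,8 +24,8 @@ class WP125_Widget extends WP_Widget {
  $title = $instance['title'];
  ?>
  <p>
- <label for="<?php echo $this->get_field_id('title'); ?>"><?php _e('Title:'); ?></label>
- <input class="widefat" id="<?php echo $this->get_field_id('title'); ?>" name="<?php echo $this->get_field_name('title'); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
+ <label for="<?php echo esc_attr($this->get_field_id('title')); ?>"><?php _e('Title:'); ?></label>
+ <input class="widefat" id="<?php echo esc_attr($this->get_field_id('title')); ?>" name="<?php echo esc_attr($this->get_field_name('title')); ?>" type="text" value="<?php echo esc_attr($title); ?>" />
  </p>
  <?php
  }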
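--- a/wp125.php
+++ b/wp125.php
@@ -5,7 +5,7 @@ Plugin URI: http://www.webmaster-source.com/wp125-ad-plugin-wordpress/
  Description: Easily manage 125x125 ads within your WordPress Dashboard.
  Author: Matt Harzewski (redwall_hp)
  Author URI: http://www.webmaster-source.com
- Version: 1.5.4
+ Version: 1.5.5
  */
 
 
@@ -15,6 +15,7 @@ define("MANAGEMENT_PERMISSION", "edit_themes"); //The minimum privilege required
 
  //Includes
  include "widget_class.php";
+ include "calendar.php";
 
 
  //Ad Click Redirect
@@ -28,8 +29,8 @@ function wp125_adclick() {
  "SELECT target FROM {$adtable_name} WHERE id = %d",
  $theid
  ));
- $theid = $wpdb->escape($theid);
- $update = "UPDATE ". $adtable_name ." SET clicks=clicks+1 WHERE id='$theid'";
+ $theid = sanitize_text_field($theid);
+ $update = $wpdb->prepare("UPDATE ". $adtable_name ." SET clicks=clicks+1 WHERE id=%d", $theid);
  $results = $wpdb->query( $update );
  header("Location: $thead->target");
  exit;
@@ -86,14 +87,14 @@ function wp125_CheckAdDate($thedate, $theid, $pre_exp_email) {
  $thedefdate = $thedate;
  $thedate = strtotime($thedate);
  if ($today > $thedate) {
- $updatedb = "UPDATE $adtable_name SET status='0' AND pre_exp_email='0' WHERE id='$theid'";
+ $updatedb = $wpdb->prepare("UPDATE $adtable_name SET status='0' AND pre_exp_email='0' WHERE id=%d", $theid);
  $results = $wpdb->query($updatedb);
  sendExpirationEmail($theid);
  }
  $dayssetting = get_option("wp125_daysbeforeexp");
  if ( strtotime(date('m').'/'.date('d').'/'.date('Y')) > strtotime($thedefdate." - $dayssetting days") AND $dayssetting>0 AND $pre_exp_email!=1 ) {
  sendPreExpirationEmail($theid);
- $updatedb = "UPDATE $adtable_name SET pre_exp_email='1' WHERE id='$theid'";
+ $updatedb = $wpdb->prepare("UPDATE $adtable_name SET pre_exp_email='1' WHERE id=%d", $theid);
  $results = $wpdb->query($updatedb);
  }
  return;
@@ -129,9 +130,11 @@ $setting_buyad_url = get_option("wp125_buyad_url");
  $setting_defaultad = get_option("wp125_defaultad");
  $adtable_name = $wpdb->prefix . "wp125_ads";
  if (!defined('ADLINK_EXTRA')) { define("ADLINK_EXTRA", ""); }
- if ($setting_ad_order == 'random') { $theorder = 'RAND() LIMIT '.$setting_num_slots; } else { $theorder = 'slot ASC'; }
- $exclude_sql = "AND slot NOT IN ($exclude)";
- $theads = $wpdb->get_results("SELECT * FROM $adtable_name WHERE status = '1' $exclude_sql ORDER BY $theorder", ARRAY_A);
+ if ($setting_ad_order == 'random') {
+ $theads = $wpdb->get_results($wpdb->prepare("SELECT * FROM $adtable_name WHERE status = '1' AND slot NOT IN (%d) ORDER BY RAND() LIMIT %d", $exclude, $setting_num_slots), ARRAY_A);
+ } else {
+ $theads = $wpdb->get_results($wpdb->prepare("SELECT * FROM $adtable_name WHERE status = '1' AND slot NOT IN (%d) ORDER BY slot ASC", $exclude), ARRAY_A);
+ }
  if ($setting_ad_orientation=='1c') {
  echo '<div id="wp125adwrap_1c">'."\n";
  $arraycount = 0;
@@ -151,8 +154,8 @@ for ($curslot=1; $curslot <= $setting_num_slots; $curslot++) {
  $altclass = ( ' odd' != $altclass ) ? ' odd' : ' even';
  if (isset($adguidearray[$curslot])) {
  if ($adguidearray[$curslot]['clicks'] != -1) { $linkurl = get_option('blogurl').'index.php?adclick='.$adguidearray[$curslot]['id']; } else { $linkurl = $adguidearray[$curslot]['target']; }
- echo '<div class="wp125ad'.$altclass.'"><a href="'.$linkurl.'" title="'.$adguidearray[$curslot]['name'].'" rel="nofollow"'.ADLINK_EXTRA.'><img src="'.$adguidearray[$curslot]['image_url'].'" alt="'.$adguidearray[$curslot]['name'].'" /></a></div>'."\n";
- } else { echo '<div class="wp125ad'.$altclass.'"><a href="'.$setting_buyad_url.'" rel="nofollow"'.ADLINK_EXTRA.'><img src="'.$setting_defaultad.'" alt="" /></a></div>'."\n"; }
+ echo '<div class="wp125ad'.esc_attr($altclass).'"><a href="'.esc_url($linkurl).'" title="'.esc_attr($adguidearray[$curslot]['name']).'" rel="nofollow"'.esc_attr(ADLINK_EXTRA).'><img src="'.esc_url($adguidearray[$curslot]['image_url']).'" alt="'.esc_attr($adguidearray[$curslot]['name']).'" /></a></div>'."\n";
+ } else { echo '<div class="wp125ad'.esc_attr($altclass).'"><a href="'.esc_url($setting_buyad_url).'" rel="nofollow"'.esc_attr(ADLINK_EXTRA).'><img src="'.esc_url($setting_defaultad).'" alt="" /></a></div>'."\n"; }
  }
  echo "</div>\n";
  }
@@ -175,8 +178,8 @@ for ($curslot=1; $curslot <= $setting_num_slots; $curslot++) {
  $altclass = ( ' odd' != $altclass ) ? ' odd' : ' even';
  if (isset($adguidearray[$curslot])) {
  if ($adguidearray[$curslot]['clicks'] != -1) { $linkurl = get_option('blogurl').'index.php?adclick='.$adguidearray[$curslot]['id']; } else { $linkurl = $adguidearray[$curslot]['target']; }
- echo '<div class="wp125ad'.$altclass.'"><a href="'.$linkurl.'" title="'.$adguidearray[$curslot]['name'].'" rel="nofollow"'.ADLINK_EXTRA.'><img src="'.$adguidearray[$curslot]['image_url'].'" alt="'.$adguidearray[$curslot]['name'].'" /></a></div>'."\n";
- } else { echo '<div class="wp125ad'.$altclass.'"><a href="'.$setting_buyad_url.'" rel="nofollow"'.ADLINK_EXTRA.'><img src="'.$setting_defaultad.'" alt="" /></a></div>'."\n"; }
+ echo '<div class="wp125ad'.esc_attr($altclass).'"><a href="'.esc_url($linkurl).'" title="'.esc_attr($adguidearray[$curslot]['name']).'" rel="nofollow"'.esc_attr(ADLINK_EXTRA).'><img src="'.esc_url($adguidearray[$curslot]['image_url']).'" alt="'.esc_attr($adguidearray[$curslot]['name']).'" /></a></div>'."\n";
+ } else { echo '<div class="wp125ad'.esc_attr($altclass).'"><a href="'.esc_url($setting_buyad_url).'" rel="nofollow"'.esc_attr(ADLINK_EXTRA).'><img src="'.esc_url($setting_defaultad).'" alt="" /></a></div>'."\n"; }
  }
  echo "</div>\n";
  }
@@ -187,11 +190,11 @@ function wp125_single_ad($theslot) {
  global $wpdb;
  if (!defined('ADLINK_EXTRA')) { define("ADLINK_EXTRA", ""); }
  $adtable_name = $wpdb->prefix . "wp125_ads";
- $thead = $wpdb->get_row("SELECT * FROM $adtable_name WHERE slot = '$theslot' AND status = '1' ORDER BY id DESC", OBJECT);
+ $thead = $wpdb->get_row($wpdb->prepare("SELECT * FROM $adtable_name WHERE slot = %d AND status = '1' ORDER BY id DESC", $theslot), OBJECT);
  if ($thead) {
  if ($thead->clicks != -1) { $linkurl = get_option('blogurl').'index.php?adclick='.$thead->id; } else { $linkurl = $thead->target; }
- echo '<a href="'.$linkurl.'" title="'.$adguidearray[$curslot]['name'].'" rel="nofollow"'.ADLINK_EXTRA.'><img src="'.$thead->image_url.'" alt="'.$thead->name.'" /></a>';
- } else { echo '<a href="'.get_option("wp125_buyad_url").'" rel="nofollow"><img src="'.get_option("wp125_defaultad").'" alt="Your Ad Here" /></a>'; }
+ echo '<a href="'.esc_url($linkurl).'" title="'.esc_attr($adguidearray[$curslot]['name']).'" rel="nofollow"'.esc_attr(ADLINK_EXTRA).'><img src="'.esc_url($thead->image_url).'" alt="'.esc_attr($thead->name).'" /></a>';
+ } else { echo '<a href="'.esc_url(get_option("wp125_buyad_url")).'" rel="nofollow"><img src="'.esc_url(get_option("wp125_defaultad")).'" alt="Your Ad Here" /></a>'; }
  }
 
 
@@ -210,7 +213,7 @@ function wp125_get_plugin_dir($type) {
  function sendExpirationEmail($theid) {
  global $wpdb;
  $adtable_name = $wpdb->prefix . "wp125_ads";
- $thead = $wpdb->get_row("SELECT * FROM $adtable_name WHERE id='$theid'", OBJECT);
+ $thead = $wpdb->get_row($wpdb->prepare("SELECT * FROM $adtable_name WHERE id=%d", $theid), OBJECT);
  if (get_option('wp125_emailonexp')!='') {
  $theblog = get_option('blogname');
  $from = get_option('admin_email');
@@ -226,7 +229,7 @@ function sendExpirationEmail($theid) {
  function sendPreExpirationEmail($theid) {
  global $wpdb;
  $adtable_name = $wpdb->prefix . "wp125_ads";
- $thead = $wpdb->get_row("SELECT * FROM $adtable_name WHERE id='$theid'", OBJECT);
+ $thead = $wpdb->get_row($wpdb->prepare("SELECT * FROM $adtable_name WHERE id=%d", $theid), OBJECT);
  if (get_option('wp125_emailonexp')!='') {
  $theblog = get_option('blogname');
  $from = get_option('admin_email');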
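Review bot: The rewritten expiry update in wp125_CheckAdDate still reads `SET status='0' AND pre_exp_email='0'`, which MySQL evaluates as `status = ('0' AND pre_exp_email='0')`, so pre_exp_email is never reset; it should be `$updatedb = $wpdb->prepare("UPDATE $adtable_name SET status='0', pre_exp_email='0' WHERE id=%d", $theid);`. In the ad-query hunk `slot NOT IN (%d)` casts `$exclude` to one integer, so if `$exclude` was a comma-separated list (as the old `NOT IN ($exclude)` interpolation suggests) every slot after the first is no longer excluded; build the placeholder list from `array_map('intval', explode(',', $exclude))` instead. In wp125_single_ad the title attribute still uses `esc_attr($adguidearray[$curslot]['name'])`, but neither variable exists in that function, so the title is always empty and should be `esc_attr($thead->name)` as the alt attribute on the same line already is. Wrapping `ADLINK_EXTRA` in `esc_attr()` in the three rewritten echo lines will entity-encode the quotes of any attribute markup the constant carries (it is emitted raw between attributes, which suggests that is its purpose), so this looks like a functional regression rather than hardening; sanitizing the constant where it is defined would be safer. `sanitize_text_field($theid)` in wp125_adclick is redundant once `%d` is used, `header("Location: $thead->target")` is still emitted without checking that `$thead` was found (wp_safe_redirect() would also validate the host), and all of these functions begin outside their hunks.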